---
# This is the internal user database
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh

_meta:
  type: "internalusers"
  config_version: 2

# Define your internal users here

## Demo users

admin:
  hash: "{{ opendistro_admin_pass | password_hash('bcrypt') }}"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"

kibanaserver:
  hash: "{{ opendistro_kibanaserver_pass | password_hash('bcrypt') }}"
  reserved: true
  description: "Demo kibanaserver user"

kibanaro:
  hash: "{{ opendistro_kibanaro_pass | password_hash('bcrypt') }}" 
  reserved: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:
    attribute1: "value1"
    attribute2: "value2"
    attribute3: "value3"
  description: "Demo kibanaro user"

logstash:
  hash: "{{ opendistro_logstash_pass | password_hash('bcrypt') }}"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"

readall:
  hash: "{{ opendistro_readall_pass | password_hash('bcrypt') }}"
  reserved: false
  backend_roles:
  - "readall"
  description: "Demo readall user"

snapshotrestore:
  hash: "{{ opendistro_snapshotrestore_pass | password_hash('bcrypt') }}"
  reserved: false
  backend_roles:
  - "snapshotrestore"
  description: "Demo snapshotrestore user"

prometheus:
  hash: "$2y$12$NcvzQj67uKmyUqURCuY/quQ85r0CpDPQTstqYABfKBqX3UKsVUtJK" 
  reserved: true
  backend_roles:
  - "readall_and_monitor"
  description: "Prometheus monitor user"